Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Cloudera Security installation

avatar
Explorer

I have a recently upgraded cloudera cluster: Cloudera Standard 4.7.0 


I want to implement kerberos security. I don't have a KDC yet.

I found several manuals and it is confusing me.

CHD4-security guide

Security with cloudera manager

 

what is the best guide for implementing security ?

Our cluster has only 3nodes.  I deployed it with ansible, everything is healty

and there is no KDC running beside them.

 

After deploying the kerberos security on the cluster, i would want to deploy sentry.

 

 

Would setting up a KDC on centOS be suffcient?

 

1 ACCEPTED SOLUTION

avatar
Cloudera Employee

Hi bertbert98,

 

Did you restart the Cloudera Manager services after implementing Security (Kerberos)? After implementing Kerberos, you need to restart the CM services (Activity Monitor, Service Monitor, Host Monitor, etc.). These services are separate from the cluster services, and can be found at the bottom of the main 'Services' page in CM.

 

Thanks,

 

Brian Burton

Customer Operations Engineer

View solution in original post

3 REPLIES 3

avatar
Guru

@bertbert98,

 

  I have moved this post to the Cloudera Manager board in case that helps you get more attention.  I do believe it's fine to run a KDC on CentOS, though, that's how I run mine.  The Cloudera Manager doc you referenced is the correct one.

 

Clint

avatar
Explorer

Thank you, it seems to work. But i am having an other problem.

 

Cloudera manager says he can not test if the namenode , the hbase master and the jobtracker are online.

But i can work perfectly with hue & hdfs. 

 

I found that there was en error in cloudera manager and fixed in version 4.0.4 but i am running 4.7.2

avatar
Cloudera Employee

Hi bertbert98,

 

Did you restart the Cloudera Manager services after implementing Security (Kerberos)? After implementing Kerberos, you need to restart the CM services (Activity Monitor, Service Monitor, Host Monitor, etc.). These services are separate from the cluster services, and can be found at the bottom of the main 'Services' page in CM.

 

Thanks,

 

Brian Burton

Customer Operations Engineer